projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Updates to GOST2012
[openssl.git]
/
ssl
/
statem
/
statem_lib.c
diff --git
a/ssl/statem/statem_lib.c
b/ssl/statem/statem_lib.c
index f2a2925deb5a678c950b8bacc291054f3588632c..ab860f6146e731f53d569bdfb2101313f4aec445 100644
(file)
--- a/
ssl/statem/statem_lib.c
+++ b/
ssl/statem/statem_lib.c
@@
-306,7
+306,7
@@
MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
i = s->s3->tmp.peer_finish_md_len;
i = s->s3->tmp.peer_finish_md_len;
- if (
i < 0 ||
(unsigned long)i != PACKET_remaining(pkt)) {
+ if ((unsigned long)i != PACKET_remaining(pkt)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
goto f_err;
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
goto f_err;
@@
-331,7
+331,7
@@
MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
s->s3->previous_server_finished_len = i;
}
s->s3->previous_server_finished_len = i;
}
- return MSG_PROCESS_
CONTINUE_PROCESS
ING;
+ return MSG_PROCESS_
FINISHED_READ
ING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
ossl_statem_set_error(s);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
ossl_statem_set_error(s);
@@
-405,9
+405,6
@@
WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst)
s->new_session = 0;
if (s->server) {
s->new_session = 0;
if (s->server) {
- s->renegotiate = 0;
- s->new_session = 0;
-
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
s->ctx->stats.sess_accept_good++;
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
s->ctx->stats.sess_accept_good++;
@@
-626,9
+623,16
@@
int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
ret = SSL_PKEY_ECC;
}
#endif
ret = SSL_PKEY_ECC;
}
#endif
+#ifndef OPENSSL_NO_GOST
else if (i == NID_id_GostR3410_2001) {
ret = SSL_PKEY_GOST01;
else if (i == NID_id_GostR3410_2001) {
ret = SSL_PKEY_GOST01;
- } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
+ } else if (i == NID_id_GostR3410_2012_256) {
+ ret = SSL_PKEY_GOST12_256;
+ } else if (i == NID_id_GostR3410_2012_512) {
+ ret = SSL_PKEY_GOST12_512;
+ }
+#endif
+ else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
/*
* For DH two cases: DH certificate signed with RSA and DH
* certificate signed with DSA.
/*
* For DH two cases: DH certificate signed with RSA and DH
* certificate signed with DSA.